[PATCH] SSL: make ssl_password_file work with recent OpenSSL releases
piotr at cloudflare.com
Thu Oct 30 04:14:01 UTC 2014
> Are you also looking to have a fix for the POODLE vulnerability?
The only fix for the POODLE vulnerability is to disable SSLv3 (I'm
going to send a patch for that in a moment).
However, if you meant TLS_FALLBACK_SCSV, then it's not needed, because
nginx doesn't do "downgrade dance".
More information about the nginx-devel